Phishing Scam Prevention Tactics

Posted on 07/01/2009 by US Treasury Dept

Host:

Howard this sounds pretty crafty, what's being done to stop the phishers or phishermen or what you want to call them?

Howard:

There are basically four categories of things that are being done. One, first and foremost is new technology. We're starting to see different company whether they are ecommerce companies, operating system operators, even small companies developing new technologies to help fight phishing. The second thing is the institutional perspective, where companies are working better together. Security groups from one company calling another one saying, "by the way we see something that affects your company" and that sharing of information which is somewhat natural. The other thing is the education awareness and this is really a big part because we can make really, really safe cars, but if you drive them too fast, you don't put brake fluid in you're going to have a problem. So, educating people what to watch out for is the third piece of that. The forth one and clearly is a law enforcement piece. If the first three are not 100% successful, which we never really expect them to be, law enforcement has new tools and new mechanisms by which to investigate these things and hold these criminals accountable.

Host:

All right I have another question for you what about the software itself?

Howard:

In a lot of cases for example the browsers the interface that we have between us and the online world. A couple of things take place in that. One, first and foremost, you need to keep that updated it is vitally important to do so. We talk about this all the time. You need to make sure you are using antivirus software. If you have a high speed connection such as cable modem or dsl system, to have a personal firewall that you use. There are now suites of software out there that include antivirus, spyware, spamware, personal firewalls, all built into a single package which are very, very easy to use. We're also seeing now the proliferation of new gateway devices, for example, when you use a cable modem or dsl modem, those are now coming built-in with wireless connections and software in the device so even less for you to manage.

Host:

Now URLS for example, how, you know we have to look at the url and not just click back on it because it may not be where we really want to go. How many of the institutions or people we deal with have the "s" on the end of the "http" which indicates a secure website?

Howard:

That's correct, it basically is an encryption or a scrambled connection between your desktop and theirs. Anytime you are doing some sort of transaction that involves either credit cards or money look for the presence of the "https" and make sure that you have typed in the URL yourself, the Universal Resource Locator. Don't take one where you get one in the email that says, "click here to update your information" it may have a "s" it will not be a legitimate "s". So type it in yourself, www.mybank.com. Whatever the name of it is, so you know you are legitimately there and look for that "s" and also look for a little lock mark in the lower right corner of your screen, normally where they are currently placed and it shows it is an encrypted session.

Host:

Ok, Nessa crime is crime whether it is online or offline, right?

Nessa:

If a consumer thinks that they may have provided information to a phisher um they are depending on the information provided will determine what steps which they will take. If they provided account information, credit cared information, debit card information, they should immediately contact the financial institution. And they may have to close the account down, get a new credit card, excreta. But consumer should be looking for transactions they didn't make and if they find that there are transactions that they didn't make they should immediately contact their financial institution. And most cases these are resolved fairly quickly. The more quickly they notify the institution, the more quickly and more easily it is that the issue will be resolved. Now, in cases where there phishing incidents where you are not providing account information, but personal information such as your address, social security number, date of birth, mother's maiden name, all that information that could be used to open an account in your name. You may want to take a different step. Might be a good idea to put an alert on your credit report so that a creditor reviewing an application will make sure that they'll take extra steps to ensure that the person who's applying for a loan in your name is in fact you. So, in addition if you provided that information, personal information, you might want to periodically review your credit report to ensure that accounts were not opened.